On Wed, 19 Nov 2025, Todd Herr via mailop wrote:
On Wed, Nov 19, 2025 at 4:05 PM L. Mark Stone via mailop <[email protected]>
wrote:
BTW, in a recent conversation I had with one of the BIMI Working Group
members, I was told that the primary reason for BIMI was to motivate larger
companies that care about their brand identity (and which send a lot of
email, and which are attractive to bad actors as companies to spoof) to
deploy DMARC faster.
Hell that's no secret; here's the third paragraph of the Introduction
section of
https://datatracker.ietf.org/doc/html/draft-brand-indicators-for-message-identification
:
BIMI is designed to be open and to work at Internet scale. BIMI is intended
to drive adoption of email authentication best practices by leveraging
existing DMARC [RFC7489 <https://www.rfc-editor.org/info/rfc7489>] policies,
the supporting authentication methods DKIM [RFC6376
<https://www.rfc-editor.org/info/rfc6376>] and SPF [RFC7208
<https://www.rfc-editor.org/info/rfc7208>], and other associated standards
such as ARC [RFC8617 <https://www.rfc-editor.org/info/rfc8617>].
In my opinion, it didn't quite achieve its goals here, which is why you're
seeing the large mailbox providers require DMARC/SPF/DKIM for higher volume
senders these days.
John Levine:
It appears that Hans-Martin Mosner via mailop <[email protected]> said:
Oops I must correct myself and apologize to Neustradamus: The mailop.org
mailing list does indeed break DKIM, that should be fixed.
When DKIM2 is available, that will be possible. At this point, it isn't.
Can I trust that the DKIM2 and BIMI people are talking and that when
these specifications are released they will work together to ensure the
best safety for all email users, including those with independent MUAs ?
--
Andrew C. Aitchison Kendal, UK
[email protected]_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
